Wiz
Vulnerability DatabaseCVE-2022-23482

CVE-2022-23482
xrdp vulnerability analysis and mitigation

Overview

xrdp, an open-source project that provides graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP), was found to contain an Out-of-Bounds Read vulnerability in versions prior to 0.9.21. The vulnerability was specifically identified in the xrdpsecprocessmcsdataCSCORE() function (GHSA Advisory).

Technical details

The vulnerability is tracked as CVE-2022-23482 and affects xrdp versions <= 0.9.20. The issue stems from incorrect handling of validation of client-supplied data, which could lead to out-of-bounds reads. The vulnerability has been assigned a CVSS v3.1 base score indicating low severity (GHSA Advisory).

Impact

If exploited, this vulnerability could potentially allow an attacker to crash the program or extract sensitive information from the affected system (Ubuntu Notice).

Mitigation and workarounds

The vulnerability has been fixed in xrdp version 0.9.21. Users are recommended to upgrade to this version or apply the appropriate security patches. For Ubuntu users, specific package versions have been released: Ubuntu 22.04 (0.9.17-2ubuntu2+esm1), Ubuntu 20.04 (0.9.12-1ubuntu0.1+esm1), and Ubuntu 18.04 (0.9.5-2ubuntu0.1~esm2) (Ubuntu Notice).

Additional resources

SourceThis report was generated using AI

Related xrdp vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2024-39917CRITICAL9.8
  • xrdpxrdp
  • cpe:2.3:a:neutrinolabs:xrdp
NoYesJul 12, 2024
CVE-2022-23484CRITICAL9.8
  • xrdpxrdp
  • cpe:2.3:a:neutrinolabs:xrdp
NoYesDec 09, 2022
CVE-2022-23493CRITICAL9.1
  • xrdpxrdp
  • librfxencode0
NoYesDec 09, 2022
CVE-2023-42822MEDIUM6.5
  • xrdpxrdp
  • librfxencode0
NoYesSep 27, 2023
CVE-2023-40184MEDIUM6.5
  • xrdpxrdp
  • libpainter0
NoYesAug 30, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo